Thanks again. Makes sense.
Now that I am locked out for SSH access, I will just ask questions of interest without actually trying things out. For all the different ppolicy-related things to work, I am guessing the following is the procedure. Please correct me.
a) Editing slapd.conf and adding "include", "modulepath", "loadmodule ppolicy.la", "overlay", "ppolicy_use_lockout", "ppolicy_default" statements. b) Adding necessary policy-related objects to LDAP (policy object and standard policy sub-object). These will inherit from pwdPolicy objectclass. c) Adding the users that will be managed by the password policy to the directory. Do I have to add "objectClass=pwdPolicy" attribute to all the users that need to be managed by ppolicy and leave it out for the other users?
I will try all these out on monday.
Prakash
Aaron Richton richton@nbcs.rutgers.edu 11/24/06 8:06 PM >>>
Note that I build static modules, so this may need verification/clarification, but I'll try:
The .la files are libtool archives. If you examine them (e.g. cat(1)), then you'll see that they point to .so files (among other details). A libtool-aware application--note that slapd(8) should be one of them--can
parse the .la file, which allegedly offers advantages (mostly platform independence). So, following a 'make install', you should be able to specify in slapd.conf
moduleload /path/to/ppolicy.la
and that should parse OK. At least, that's the way I remember it...
Then again, you should be able to moduleload the .so also. If the .la doesn't work out, try that.
On Fri, 24 Nov 2006, Prakash Velayutham wrote:
Thanks Aaron. So I built openldap with:
$ ./configure --with-tls=no --with-cyrus-sasl=no --enable-slurpd=no --enable-ipv6=no --enable-ppolicy=mod --enable-hdb=yes
--enable-modules
--enable-bdb=no --enable-ldif=no --enable-monitor=no --enable-relay=no --enable-syncprov=no
Why do I have a ppolicy*.so and a ppolicy*.la file in the install location? When do you use the ppolicy*.so?
I have temporarily lost access to the system because of PAM. Will have access again on monday.
Thanks, Prakash
Prakash Velayutham 11/24/06 5:13 PM >>> Aaron Richton richton@nbcs.rutgers.edu 11/24/06 4:04 PM >>>
configure --enable-hdb --enable-ppolicy={yes|mod} should handle it. "yes" will build it into slapd, "mod" will give you a module. (You can do the same for --enable-hdb.)
On Fri, 24 Nov 2006, Prakash Velayutham wrote:
Hello All,
I am trying to get ppolicy working on my openldap-2.3.29 server. I
want
this setup to work with hdb backend and either static or dynamic
ppolicy
module. What compile time options would be sufficient?
Thanks, Prakash
openldap-software@openldap.org